Carbon Black

One solution for continuous endpoint recording, live response & remediation

Carbon Black is the industry’s only endpoint threat detection and incident response solution for SOC and incident response (IR) teams that combines continuous recording and live response capabilities to prepare organizations for a data breach, instantly isolate endpoint threats, terminate ongoing attacks, and remediate threats at the moment of discovery.

Carbon Black reduces the cost and complexity of traditional incident response by replacing reactive “after-the-fact” manual data acquisition with proactive continuous monitoring and recording of all activity on endpoints and servers. Responders can now dramatically reduce the dwell time of targeted threats with instant attack intervention and remediation of advanced threats. Top IR firms and managed security service providers (MSSPs) have made Carbon Black a core component of their detection and response services.

Always-on endpoint sensor for continuous monitoring & recording

Carbon Black is the only response solution with a real-time endpoint sensor that continuously records and maintains the relationships of every critical action on every machine, including all file executions, file modifications, registry modifications, network connections and a copy of every executed binary. This enables responders to immediately “roll back the tape” to understand root cause, lateral movement and deleted payloads. Carbon Black’s always-on sensor also has robust coverage of all major operating systems such as Windows, Mac OS X and Linux.

Through the Bit9 + Carbon Black Threat Intelligence Cloud, only Carbon Black can automate and apply comprehensive threat intelligence—from a combination of public, custom, third-party, and proprietary providers—over its continuously recorded endpoint visibility for immediate consumption of real-time threat feeds to reduce alert fatigue, accelerate threat discovery and classify attacks instantly. Carbon Black also now leverages the recent enhancements to the Threat Intelligence Cloud by integrating a variety of new threat feeds—developed and published by the Bit9 + Carbon Black Threat Research Team—for automatic consumption by SOC and IR teams to improve the discovery of emerging threats.

Complete kill chain analysis for instant root cause investigation

Carbon Black delivers an unmatched ability to instantly understand root cause—through a recorded history of the relevant changes at the endpoint and attack visualization—to enable responders to immediately investigate and recover at the moment of discovery.

One-click endpoint isolation for attack quarantining & containment

Responders can now instantly disrupt active intrusions by quarantining and isolating one or multiple endpoints from the network while still maintaining an active connection with the Carbon Black server, enabling IR teams to perform more conclusive and surgical investigations.

With the addition of CB Live Response, responders can now understand the current state of an endpoint, perform remote live investigations, intervene in ongoing attacks, and instantly remediate endpoint threats. This enables incident responders to “look” and “touch” endpoints to take immediate action during an investigation, even while the endpoint remains isolated from the rest of the network.

KPI dashboards for instant endpoint insight

With Carbon Black’s dashboards, security teams now gain instant insight into key endpoint and incident response performance indicators across their entire environment. This enables organizations to understand and articulate the state of their endpoint detection and response capabilities.